Security Expert Leaves His Own Wi-Fi Network Wide Open
30.11.1999 / 802.11b Networking News
Schneier on leaving his Wi-Fi network open: Bruce Schneier is a security savant, and I usually admire his writing. In this case, he wrote something quite stupid for Wired. He explains that he leaves his Wi-Fi at home unsecured and wide open. He walks through technical and legal and practical reasons why closing the network isn't of interest to him. But he only mentions the most important bit in passing: ". If I configure my computer to be secure regardless of the network it's on, then it simply doesn't matter. And if my computer isn't secure on a public network, securing my own network isn't going to reduce my risk very much." Right. And how, Mr Security Guru, might I do that? Readers taking his advice without knowing that he's set up encryption for his computer's data across the open network--which is what I assume he's done--would be exposing themselves to risk. He's also wrong about risk profiles. The risk profile at a Wi-Fi hotspot is smaller because of the time dimension (how long someone might attack your computer) and the population dimension (how many people might attack your computer over time). I don't advise opening your home network because securing your desktop computers and even laptops is so much of a hassle most of the time, that simply disabling local network access--over which more attacks can be launched because many firewalls consider the local network a trusted network and lower their defenses--is the lowest-hanging fruit for average users' protection. Also, Schneier's discussion with "several lawyers" led to his summary that if someone misused your network, you might wind up plea bargaining over child porn suits or paying the RIAA thousands of dollars to settle, even if you're not at fault. But his conclusion: "I remain unconvinced of this threat, though." I do not. Finally, Schneier dismisses concerns over ISPs who don't allow their networks to be shared. (Note that although he mentions Fon, he doesn't note their Roadrunner cable deal, which provides their private/public router service to a much larger potential audience with legal sharing ability.) Schneier writes, "But despite the occasional cease-and-desist letter and providers getting pissy at people who exceed some secret bandwidth limit, this isn't a big risk either. The worst that will happen to you is that you'll have to find a new ISP." He is unaware of the near-monopoly in many parts of the US, even in cities where a duopoly exists. In many cases, a cable firm that drops you can't be replaced by any other broadband provider. Open networks constructed properly with good security are a great addition to the arsenal of access. Implicitly advising everyone to open their APs--not so good....Copyright ©2008 Glenn Fleishman. All rights reserved. Please notify us if you find this content anywhere but at wifinetnews.com or wimaxnetnews.com. Reproduction of full articles from RSS feeds is prohibited without permission.]]>
Read Full News >>
